CVE-2013-4093
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message.
SecureSphere Operations Manager (SOM) Management Server en Imperva SecureSphere v9.0.0.5, permite a atacantes remotos obtener información sensible a través de (1) una solicitud directa a dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, lo que revela la ruta de instalación en el campo s0.filePath, o (2) una petición T/keyManagement a plain/settings.html, lo que revela una ruta temporal en un mensaje de error.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-05 First Exploit
- 2013-06-11 CVE Reserved
- 2013-06-28 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html | X_refsource_misc |
|
| http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/25977 | 2013-06-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Imperva Search vendor "Imperva" | Securesphere Search vendor "Imperva" for product "Securesphere" | 9.0.0.5 Search vendor "Imperva" for product "Securesphere" and version "9.0.0.5" | - |
Affected
| ||||||